Compliance News | Apr 2019

Posted by

Lynne Callister

on 25 Apr 2019

Our selection of the most informative compliance news stories this month - regulatory announcements, market studies, compliance lapses and disregard of laws/regulations.

Compliance News - April 2019

Our selection of the most informative compliance news stories this month - regulatory announcements, market studies, compliance lapses and disregard of laws/regulations.

Select the links or scroll down for more details

Recruitment fraud costs UK businesses £24bn a year

Have you ever taken someone on without fully checking their credentials? Maybe you've thought about over-embellishing your qualifications or experience to land your dream job in the past? If so, you're not alone.

Research by Crowe UK and the University of Portsmouth has found that recruitment fraud is costing UK businesses £24 billion a year. When CV checks were carried out on 5,000 employees, over three-quarters had discrepancies, with 12% falsifying grades and a fifth exaggerating their job titles.

With fake documents, bogus references and a half of businesses admitting they did not vet prospects at all, companies are leaving themselves dangerously exposed to insider fraud. In one example, a contractor, who having made a good impression and was taken on by a European bank without checks, went on to defraud it of €5 million. In another, a local authority unwittingly employed a convicted fraudster.

It doesn't just affect companies either. 1 in 10 jobseekers have been tricked by recruitment scams, with some even handing over their bank details for jobs that don't exist.

Keith Rosser, chair of the Metropolitan Police's SAFERjobs initiative said, "It's often personal reasons that cause people to defraud companies. Some people have histories of debt or challenges in their personal life that trigger these actions."

Firms are being urged to conduct due diligence checks and to be alert to red flags of fraud. Would you know what signs to look for?

CNIL report tells of 'exceptional year'

CNIL, the French data protection regulator, has released its report for 2018, marking an 'exceptional year'.

In its key findings, we can see the impact that GDPR has had on individuals and companies:

  • Individuals are much more aware of data protection issues and CNIL saw a record-breaking 32.5% jump in complaints (to 11,077 complaints in 2018)
  • The majority of complaints (35.7%) related to the sharing of individuals' personal data online and people exercising their right to be forgotten
  • There was also a surge in organisations looking for help - CNIL got an influx of enquiries from people wanting advice on how to comply. The 'GDPR effect' led to almost 190,000 calls and 8 million visits to its website (up by 22% and 80% respectively on 2017).

Say what you like about GDPR, it's certainly making waves…

Download our free GDPR training presentation to help educate your employees. Or, take a look at our GDPR training library.

'Bounty'-ful fines for pregnancy club

Bounty UK, the pregnancy and parenting club, has received a £400k fine for sharing the personal data of more than 14 million people without their knowledge.

The pregnancy club - which provides free samples, offers and vouchers via apps, online and directly to new mums in hospital - failed to tell them that their personal information was being shared with 39 other organisations, including credit reference and marketing agencies. 34.3 million records were shared between June 2017 and April 2018.

Describing the breach as "unprecedented", the ICO's director of investigations said the "careless" data-sharing would have caused distress to "potentially vulnerable" people, including new mothers and children.

With echoes of Zuckerberg's apology to Congress, Bounty's managing director Jim Kelleher said, "In the past, we did not take a broad enough view of our responsibilities and as a result our data-sharing processes, specifically with regards to transparency, were not robust enough".

When the tide went out, it seems some people were certainly caught swimming naked…

Practice manager fined for data breach

With the summer holidays fast approaching, you may be thinking about how to keep in touch with the office. If you're tempted to forward information to your personal email, you better read this…

A former GP practice manager who worked in Derby has been fined a total of £514 for sending personal data to her own email account. The fine may well have been bigger today, but she was prosecuted under the 1998 Act due to when the offence took place. You can keep up-to-date on the biggest fines for GDPR breaches in our blog.

To protect yourself at work, remember:

  • Don't access personal data without a valid business reason
  • Only share personal data with people who have a 'need to know'
  • Don't forward personal information to your private email
  • Be open and transparent about how you intend to use people's data

Uber investigated over grease and charitable payments

Ride-hailing firm Uber has confirmed that it's being investigated over possible corrupt payments in five countries, including Malaysia, China, India and Indonesia.

According to reports, the DOJ is asking about "small payments to police in Indonesia". Hm, small payments? Would that be facilitation payments, perchance?

In fact, the case isn't new. Media reports dating back to 2017 confirm Uber staff made small payments to police in return for them ignoring a support office operating outside the business zones in Jakarta.

Then, there's also the matter of Uber's corporate donation of "tens of thousands of dollars" to the Malaysian Global Innovation and Creativity Center. Within 12 months, a government sponsor had invested $30 million in Uber and legislation favourable to Uber had also been passed.

As generous donations from wealthy corporates currently flood in to rebuild the fire-stricken Notre Dame, exactly what are the red flags when it comes to charitable giving? Think about:

  • Who is asking for the donation?
  • Did they request or drop hints about the donation?
  • Does a government official hold a key position at the charity? If not, how about other family members or connected persons?
  • Is there a tax donation? Be suspicious of companies not seeking a tax benefit

Download our free Anti-Bribery Training Presentation to refresh your employees on the laws surrounding bribery.

£15.3tn of assets at risk of climate change

The global financial system is facing an existential threat from climate change and urgent action is needed. No, these aren't the words of an environmental pressure group, but the Governors of the Bank of England and the Banque de France who have issued the stark warning.

Mark Carney and François Villeroy de Galhau cautioned, "If some companies and industries fail to adjust to this new world, they will fail to exist."

The report says banks and insurers face considerable risks from weather events - such as droughts, floods and rising sea levels. In turn, these physical risks could impact the value of assets and collateral, and also disrupt business operations (e.g. power outages and branch closures).

The Bank of England has warned that £15.3 trillion of "stranded assets" – e.g. unburnable carbon - could effectively become worthless.

It's urging financial institutions to:

  • Assess their resilience to climate change risks
  • Integrate sustainability into portfolio management
  • Bridge any data gaps to enhance assessment of climate change risks
  • Build in-house capacity and knowledge with other stakeholders on how to manage climate-related financial risks

Acteon Group to pay $441,000 for sanctions violations

Acteon Group, a UK subsea service provider, has agreed to pay $441,000 for breaching US sanctions that prohibit business with Iranian and Cuban entities.

The firm, along with its subsidiary 2H Offshore and two Malaysian affiliates, admitted seven violations dating back to 2011 when it provided engineering design analyses and allowed its engineers to conduct workshops in Cuba.

In addition, its Seatronics subsidiary in Abu Dhabi rented or sold equipment for use by customers on vessels operating in Iranian territorial waters.

The firm has agreed to bolster its internal compliance and must certify annually that it is compliant for the next five years.

It's definitely been a busy month for OFAC, the Federal Reserve and the New York Department for Financial Services (DFS)…

Bank pays $1.3 billion penalty over sanctions violations

UniCredit Bank is to pay $1.3 billion in penalties after it admitted processing "hundreds of millions of dollars of transactions" on behalf of sanctioned Iranian entities through the US financial system. For ten years, the bank moved $393 million through the US financial system and also conspired to conceal restrictions.

When the bank introduced an automated 'embargo tool' to flag transactions likely to violate sanctions, its compliance department issued an instructional guide - effectively providing a workaround to enable employees to dodge red flags and process transactions in an "OFAC-neutral" way, according to the regulator.

FCA to beef up AML supervision through OPBAS

The Financial Conduct Authority (FCA) has promised to beef up supervision of the professional bodies and associations it oversees after a report by its Office for Professional Body Anti-Money Laundering Supervision (OPBAS) revealed some worrying findings.

  • 23% of Professional Body Supervisors (PBSs) undertook no AML supervision of its members, 80% lacked appropriate governance arrangements, and 91% were not fully applying a risk-based approach
  • 23% of accountancy PBSs outsourced its AML compliance assessments to another PBS or an external third party
  • 40% of employees in PBSs were unsure of their reporting obligations for suspicious activity
  • 80% of professional bodies lacked appropriate training
  • 36% lacked proper record keeping policies
  • 91% had yet to start or were in the process of gathering information required for ML/TF risk profiling

The clock is ticking. The FCA has confirmed in its business plan that it will extend its SMCR regime to all entities it supervises by December 2019, holding all executives to account for financial crime violations.

You can also read about our full FCA Compliance library.

Line of duty: NCA prepares to tackle illicit finance

Meanwhile, in 2019/2020, the National Crime Agency intends to fully maximise its latest powers of Account Freezing Orders and Unexplained Wealth Orders (UWOs) to tackle illicit finance, which costs the UK economy £160 billion annually, and is also promising to reform the Suspicious Activity Report regime.

In its annual report, it commits to implementing the Financial Action Task Force inspection recommendations to improve the quality of financial intelligence that is available to competent authorities and to better exploit the available SAR data.

The database currently holds 2.3 million SARs.

Cyber Security Breaches Survey 2019 highlights phishing email vulnerability

32% of UK businesses and 1 in 5 charities have experienced a cyberattack or breach in the last year, according to the UK Government's latest Cyber Security Breaches Survey.

Of these, the most common attacks were:

  • Phishing emails (affecting 80% of businesses, 81% of charities)
  • Others impersonating their organisation online (28% of businesses, 20% of charities)
  • Viruses and malware (27% of businesses, 18% of charities)

While many organisations have made changes to cybersecurity as a result of GDPR (with 60% creating new policies), only 27% of businesses and 29% of charities had providing cybersecurity training, leaving them dangerously exposed.

Having a policy won't necessarily guarantee people will know what to do when faced with a malicious actor or potential threat. You need to train your staff so that they know how to spot the signs of phishing and exactly what to do.

Banks to face 'ethical hacking' tests

In their 2019/2020 business plan, the FCA has stated that it will continue testing banks' resilience to cyberattack using the CBEST (ethical hacking) regulatory tools in partnership with the Bank of England, as part of its operational resilience priorities. It also pointed out that IT failure by third parties was the second-highest root cause of disruption to services.

Compliance Essentials E-learning Courses

Looking for more compliance insights?

If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to Skillcast Compliance Bulletin.

To help you navigate the compliance landscape we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

If you've any questions or concerns about compliance or e-learning, please get in touch.

We are happy to help!

Compliance Essentials

Compliance Essentials Library is our best-selling comprehensive corporate training solution.

100+ e-learning and microlearning courses that help companies from SMEs to multinationals achieve compliance success.

Start a Free Trial